CVE-2023-50270 | Vulnerability Database

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-50270
CWE	https://cwe.mitre.org/data/definitions/613.html

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-50270

CWE

https://cwe.mitre.org/data/definitions/613.html

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Potential Mitigations

References

https://github.com/apache/dolphinscheduler/pull/15219
https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
https://www.openwall.com/lists/oss-security/2024/02/20/3
https://github.com/apache/dolphinscheduler/pull/15219
https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
https://www.openwall.com/lists/oss-security/2024/02/20/3